{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-4448","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-05-08T18:49:03.979Z","datePublished":"2025-05-09T00:31:04.140Z","dateUpdated":"2025-05-09T03:48:39.143Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-05-09T00:31:04.140Z"},"title":"D-Link DIR-619L formEasySetupWizard buffer overflow","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-120","lang":"en","description":"Buffer Overflow"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-119","lang":"en","description":"Memory Corruption"}]}],"affected":[{"vendor":"D-Link","product":"DIR-619L","versions":[{"version":"2.04B04","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer."},{"lang":"de","value":"In D-Link DIR-619L 2.04B04 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion formEasySetupWizard. Durch das Manipulieren des Arguments curTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":8.7,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","baseSeverity":"HIGH"}},{"cvssV3_1":{"version":"3.1","baseScore":8.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":9,"vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C"}}],"timeline":[{"time":"2025-05-08T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-05-08T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-05-08T20:54:26.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"jylsec (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.308062","name":"VDB-308062 | D-Link DIR-619L formEasySetupWizard buffer overflow","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.308062","name":"VDB-308062 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.558357","name":"Submit #558357 | D-Link DIR-619L 2.04B04 Buffer Overflow","tags":["third-party-advisory"]},{"url":"https://github.com/jylsec/vuldb/blob/main/D-Link/dlink_dir619l/Buffer_overflow-formEasySetupWizard-curTime/README.md","tags":["related"]},{"url":"https://www.dlink.com/","tags":["broken-link","product"]}],"tags":["unsupported-when-assigned"]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-09T03:48:00.354072Z","id":"CVE-2025-4448","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-09T03:48:39.143Z"}}]}}